Threat Actor Profile
High
Cybercriminal
Description
Pro-Palestinian Group
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
Indicators of Compromise
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Pro-Palestinian Group',
'firstseen': '2023-12-17T19:22:29.519792+00:00',
'group': 'toufan',
'has_negotiations': False,
'has_ransomnote': False,
'lastseen': '2023-12-27T03:17:16.475900+00:00',
'locations': [{'available': True,
'fqdn': 'toufanleaks.org',
'slug': 'https://toufanleaks.org',
'title': 'Cyber Toufan',
'type': 'DLS'},
{'available': False,
'fqdn': 't.me/CyberToufan',
'slug': 'https://t.me/CyberToufan',
'title': 'Telegram: Contact @CyberToufan',
'type': 'Telegram'},
{'available': True,
'fqdn': 't.me/CyberToufan02',
'slug': 'https://t.me/CyberToufan02',
'title': 'Telegram: Contact @CyberToufan02',
'type': 'Telegram'},
{'available': False,
'fqdn': 't.me/CyberToufanBackup',
'slug': 'https://t.me/CyberToufanBackup',
'title': 'Telegram: Contact @CyberToufanBackup',
'type': 'Telegram'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': False,
'locations': [{'available': True,
'fqdn': 'toufanleaks.org',
'slug': 'https://toufanleaks.org',
'title': 'Cyber Toufan',
'type': 'DLS'},
{'available': False,
'fqdn': 't.me/CyberToufan',
'slug': 'https://t.me/CyberToufan',
'title': 'Telegram: Contact @CyberToufan',
'type': 'Telegram'},
{'available': True,
'fqdn': 't.me/CyberToufan02',
'slug': 'https://t.me/CyberToufan02',
'title': 'Telegram: Contact @CyberToufan02',
'type': 'Telegram'},
{'available': False,
'fqdn': 't.me/CyberToufanBackup',
'slug': 'https://t.me/CyberToufanBackup',
'title': 'Telegram: Contact '
'@CyberToufanBackup',
'type': 'Telegram'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'ransomware_live_group': 'toufan',
'tools': {},
'url': 'https://www.ransomware.live/group/toufan',
'victims': 117,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/toufan',
'victims': 117,
'vulnerabilities': []}